Treasury Department hit in cyberbreach by China-sponsored actor, officials say
The Treasury Department was breached by a China-sponsored actor earlier this month, officials told Congress in a letter on Monday.
The "major" breach was achieved by gaining access to a third-party cybersecurity service Treasury used, called BeyondTrust, they said.
The actor then accessed Treasury workstations and "certain unclassified documents" on them, department officials said in a letter to the Senate Banking Committee.
The threat actor was able to "override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," the letter said.
Treasury has ceased use of BeyondTrust since discovering the incident.
"The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information," according to a Treasury Department spokesperson.
The department has been working with the FBI and THE Cybersecurity and Infrastructure Security Agency (CISA) as well as the intelligence community to "fully characterize the incident and determine its overall impact," the official said.
More information will be available on the hack in a supplemental notice to Congress within 30 days, according to the Treasury Department.
Treasury is mandated by policy to notify Congress of such breaches.
China is one of America's most pernicious cyberactors, experts and officials say. Last month, officials said a Chinese-backed group hacked into nine telecommunications companies and was able to gain access to certain high-profile individuals cellphones as a result of the hack.
It is unclear if this breach is related to those alleged actions.